CVE-2026-6437
Public on 2026-04-17
Modified on 2026-04-22
Description
Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.
To remediate this issue, users should upgrade to version v3.0.1
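An added example, not part of the advisory or the driver's own code: a Go audit over `kubectl get pv -o json` output that flags PersistentVolumes using the `efs.csi.aws.com` driver whose CSI `volumeHandle` or `volumeAttributes` values contain a comma, so they can be reviewed alongside the upgrade. Checking those two fields is an assumption, since the advisory does not name the field that carries the injected value; the sample JSON and its names are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

const efsDriver = "efs.csi.aws.com" // CSI driver name registered by aws-efs-csi-driver
// pv holds the PersistentVolume fields read from `kubectl get pv -o json`.
type pv struct {
	Metadata struct{ Name string }
	Spec     struct{ CSI *csiSource }
}
type csiSource struct {
	Driver, VolumeHandle string
	VolumeAttributes     map[string]string
}

// samplePVs is constructed input: a clean EFS PV, one to review, and another driver.
const samplePVs = `{"items":[
 {"metadata":{"name":"pv-clean"},"spec":{"csi":{"driver":"efs.csi.aws.com","volumeHandle":"fs-EXAMPLE1"}}},
 {"metadata":{"name":"pv-review"},"spec":{"csi":{"driver":"efs.csi.aws.com","volumeHandle":"fs-EXAMPLE2,constructed-extra","volumeAttributes":{"example":"a,b"}}}},
 {"metadata":{"name":"pv-other"},"spec":{"csi":{"driver":"other.example","volumeHandle":"a,b"}}}]}`

// FindCommaFields returns sorted "pvName: field" entries for EFS CSI PVs (assumed fields only).
func FindCommaFields(pvJSON []byte) ([]string, error) {
	var list struct{ Items []pv }
	if err := json.Unmarshal(pvJSON, &list); err != nil {
		return nil, err
	}
	hits := []string{}
	for _, p := range list.Items {
		if csi := p.Spec.CSI; csi != nil && csi.Driver == efsDriver {
			if strings.Contains(csi.VolumeHandle, ",") {
				hits = append(hits, p.Metadata.Name+": volumeHandle")
			}
			for k, v := range csi.VolumeAttributes {
				if strings.Contains(v, ",") {
					hits = append(hits, p.Metadata.Name+": volumeAttributes."+k)
				}
			}
		}
	}
	sort.Strings(hits)
	return hits, nil
}

func main() { fmt.Println(FindCommaFields([]byte(samplePVs))) }
```

A hit is a prompt for review rather than proof of injection, because a legitimate value may contain a comma.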
Severity
CVSS v3 Base Score
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | amazon-efs-utils | | | Not Affected |
| Amazon Linux 2023 | amazon-efs-utils | | | Not Affected |
CVSS Scores
| | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |